Blog Entry: 3/25/2006 1:45:26 PM
Sorry, I forgot about that when I got hung up on the install problem.
I'll tackle your explanation now to see if I can get it working. Since I already bought the software I'll keep my fingers crossed.
Thanks , I dont know about your error on line 6 when uploading..
as far as the manaully edited import file not working I would really need to see it. There has to be somethin wrong with it's format.
I really need more information and possibly acess to the system to do some troubleshooting...
This is anot a feature anyone has ever had an issue like this with. ,
Honestly cannot comment much about v7 since it was just installed on a new server. We have been running 5.03 for years so I'm looking forward to the new features in v7.
Lance , also.. every once in a while I get some nervous person concerned about security... and the pros and cons of having parent paths enabled.
etc etc etc
so let me add this bit of info..
I don’t know what your hosting company will say because it is an iffy topic and those that understand it have a hard time explaining it to someone who doesn't. Also usually the hosting company doesn't have a clue except they heard it was a security risk.
Here is the low down from someone that really understands it...
(well, at least I think I do)
The only real security risks are from YOU and possibly other people hosting on the same server if they have parent paths enabled that is.
Meaning your site visitors can't possibly do anything with it unless of course you let them upload and run their own asp files to the server.
Anyway.. if YOU run malicious asp scripts you could potentially attack other sites on the server and look at things you shouldn't. As could other sites on the same server do to you I suppose.
So, unless you plan on doing that or some other site admin on the server does it to you its not really a concern. Just an advantage in coding abilities.
If you attack someone elses site on the server or lurk where you shouldnt then you are probably violating your hosting agreement.
99% of the time everyone gets all nervous over nothing.. half the people nervous about this have sites nobody would ever want to hack anyway.
Many people with a really important/busy sites are going to have a dedicated server somewhere so the setting is not relevant..
The hosting companies of course have to warn you.
This setting was enabled by default for years on IIS4-IIS5. I never once heard one single real story about anyone attacking anything because of this setting. That doesn't mean it doesn't happen but I am just telling you what I know.
This is all my opinion so take it for what it is...
If you are a Hosting Company your better off turning it on at the customers request, giving them a warning about it, and in turn having happy customers.
The big hosting companies like Alentus and MaximumASP do it...
There are far worse things than this to let people do after all.
Beleive it or not I have actually been in servers where they gave the anonymous webserver acount modify permissions EVERYWHERE yet they disabled parent paths ???? cwilliams38391.6024189815, does emailing work at the simplest level.. ??
meaning does a user get an email when you send an email from the admin users screen ?
if emails are not sending it could very well be the setting you have chosen for emails in the settings.
the best thing to do is keep trying to send an email there and try different emails settings until you get something that works... even when I do installs for people I often have to try a lot of various things before I get emails to send.. like picking different components and trying different things for the email server address because what they tell me is often wrong
also, sometimes emails get sent but depending on where they go they may get deleted as spam.. aol, hotmail, msn, and yahoo are famous for that , in the version you have changing it is not something we covered
I believe you will find it the "config_inc.asp" file in the root though... be careful with naming it though because if you use any spaces or weird characters it might cause issues with various functions in the application like emailing.. I recommend just using letter, numbers, and maybe dashes
, need more info..
are you using aspimage to resize images and make true thumbnails..
(because if you have it turned on and it isnt actually installed on the server you will get broken thumbnails.)
what kind of images are you using ? gif or jpegs
are you uploading images over existing images ?
really need to know exactly what to do to reproduce the situation from scratch and then I can give you a better answer ??
cwilliams38348.7894097222, enjoy the bar.. drink one for me.. cause that was the problem..
, Hey, I run a business and I will not have things like that mentioned in these forums. , actually, passwords can be up to 75 characters long in ASPProtect.
the only requirement when entered from a non admin user is that they are at least 4 characters long.
what does MSAccess have to do with this ? Are you trying to convert and old system or something? I noticed you created and "old password" field in there ? Is there something I do not know about as far as what you are trying to do?
Passwords in version 7 are encrypted so I hope you understand all of that and realize you can not enter or change passwords right from SQL server. Also if you import info you must handle that accordingly and convert the passwords to encrypted format for the new version., Can you incorporate a secure log in within the scripting. I would like the account information to be secure without having to have the whole site using running through a secure (https://) path. If this is possible, the scripting is perfect! , This may be an old question ??? If it is please point me to the post or documentation where I can find the answer please.
When creating protected pages I am using the following to protect them:
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="/aspprotect/check_user_inc.asp"-->
But that is not working. I get the following error when I try to access the members logon page in the directory that I wish to add the pages to:
Active Server Pages error 'ASP 0130'
Invalid File attribute
/filelocation/filename.asp, line 3
File attribute '/aspprotect/check_user_inc.asp' cannot start with forward slash or back slash.
However if I create the pages in the root of the AspProtect directory and use a link to the same page that exists in the AspProtect directory and the following include:
<%@ LANGUAGE="VBSCRIPT" %>
<!--#INCLUDE FILE="check_user_inc.asp"-->
The pages work fine.
I really do not want to put all of my protected pages in the root of the AspProtect directory.
I would like to mix protected and unprotected pages throughout the site in order to #1 make it easier to administer. #2 keep the AspProtect directory solely for authentication. And, #3 keep any user authentication pages out of the AspProtect directory.
TIA
, Chris, and all who read this post.
Don't run away!
I believe that perhaps I gave Chris good cause for this post to be created . But dont fear .
When it comes to most languages I am a newbie, let alone ASP.NET. I did not choose to have an application for my site to be built in ASP.NET. However it was and I had paid for that program and it needed protecting!
Now I did have a few problems, however NONE were with ASPProtect.NET. It is brilliant. NONE were with Chris and the support he provides. I believe he must work 24/7 judging by the speed of replies and the timezone differences.
In the end all the problems were down to MY typos and a web host who insisted that any problem was a conflict and not their server set-up.(which it was!)
Having eliminated the typo and changed web provider to a less arrogant company. ASPProtect.NET installed and ran out of the box. Truely impressive.
As a newbie it is not something I would like to do again. But with help from Chris and from a friend with ASP.NET knowledge any issues were very quickly resolved.
An A+ recommendation for CJWSoft. I love it!
, Testing for XML Parser Support
the microsoft xml parser is generally installed by default on all new server setups..
It allows ASP code to make calls to other pages anywhere on the new as well as a lot of other handy things..
download and run this ".asp" page to verfiy that it is installed and be sure it is available for you to use
2004-12-10_132620_test_xmlparser.zip
Make sure you run it from your web server through the web browser cwilliams38331.5621180556, download the free version...
check out this tutorial...
http://support.cjwsoft.com/code/moreinfo169-1.htm
If your application can post to the page and provide all the form variables needed to log in it may work out for you..
You'll have to try it out... all the form variables needed are in that login form example.
Basically you'd be posting to a protected (.asp) page..
and providing the following for the most part.. how your app creates it post data is on your end...
<input type="hidden" name="Status" value="Checkem">
<input type="text" name="Username" value="Yourusername">
<input type="Password" name="Password" value="YourPassword">
As an alternate scenario...
Now, by default the "check_user_inc.asp" file is looking for posted form data... for security reasons it is not looking for querystring info..
If you change this bit of code in that file
from
Username = Replace(Request.Form("Username"),"'","''")
Password = Request.Form("Password")
to
Username = Replace(Request("Username"),"'","''")
Password = Request("Password")
It will then grab either form or querystring data...
Meaning you wouldn't necessary have to create a true post to the page with form data. You could just access the page via a querysting like so
http://www.mysite.com/somepage.asp?Status=Checkem&Userna me=Yourusername&Password=Yourpassword
Of course that introduces security risks as the username and password would be passed in plain text over the net
Another option is...
You can also make a copy of the "check_user_inc.asp" page called whatever with those modifications just to use in pages you need your little application to post to... thus reducing the security concerns a a bit as the rest of yoru site could still have its pages protected under the normal scenario.
I hope this answers your question... I havent really ever tried any of this but that is how I think it would work... , one more problem I see...
I think your login box on the main page is missing the hidden form variable
http://support.cjwsoft.com/code/moreinfo169-1.htm, Thought that was already done....
Back to the drawing board... , edited due to inappropriate content , Your probably talking about "Session.Timeout" which is a feature of the IIS webserver. Please do a google search on it for more information.
In the meatime if you look at the top of the "check_user_inc.asp" file you should see a section like this where you can try to change the value.
' Minutes you want before the session times out.
' This is set on the server to be default to 15 or 20 minutes depending on the server version
' You can change it there or override it here.
Session.Timeout = 30
Specifying it like that is supposed to overwrite the value for your web in the IIS console which is usualy 20 minutes.
, like I said... you would have to modify the code
(and really I dont think it is possible, how could it be when images uploaded are of all shapes and sizes)
How are pictures of various shapes and size going to resized to a fixed width and height without distortion on either a horizontal or vertical level ? Uness the image uploaded matches the fixed thumbnail ratio you have set there is going to be distortion.
There is no component that is going to make it any easier. You are already using an image resizing component.
I give you two options the way the code ships.
fixed width and height for thumbnails
or
fixed width / dynamic height for thumbnails
The only other possible option would be
fixed height / dynamic width for thumbnails
and that you would have to code on your own because that option is not there
The last thing I will say is this. Sorry, but I do not support custimizations to the code. It's just not easy to explain. Its a lot of code work. Its a lot of time. , "save_pic_desc.asp"
in both the admin and users area needs to be edited
You'll see something like this...
If Len(Image_Description) > 250 Then
just change 250 to something higher.. I wouldn't go much over 500 though as it may cause problems.. I am really not sure.. Changing it higher is done at your own risk. cwilliams38300.5727314815, (FREE) Nov 23 2005 Update Files
If you purchased ASPProtect Version 7.x before Nov 23 2005 then you can download these Update Files.
(These are non-critical updates.. only update if you want the described changes below)
These updates do the following..
- Make the Tabs in the Admin area move up and down as you navigate around so they look more like tabs used in a file cabinet.
- Updates the import/export process so the tab delimited text files created now store the passwords in plain text instead of encrypted. I have been thinking about this one for a while now and I think it is better this way as it was confusing a lot of people. If can also kill the whole process if by chance the encrypted output of a password contains a line break of sorts. There is no way to deal with that scenario so this is way the import/export process is going to work from now on. This also means you should be VERY carfeful about leaving export files lying around as they will have the passwords in them.
- Updates the "expected_paths.asp" in the data folder because the paths it was generating had an extra "data/" in it.
- Updates the users page so it will not show the import/export link if you have not entered a path for the export files in the settings.
- Adds an Activity Tab if using the Activity Tracking features instead of the links it used to put on the users page that most people didn't see.
To install these just copy them in over the old files.
Now of course back up your existing files so can revert back if there is a problem or you do not like the changes. If you made any custom changes to any of your pages use your head and realize that copying these in over your existing files will overide any custom changes you made. (that is your business, I am just warning you)
2005-11-23_163025_ASPProtect_v7_11-23-2005_update.zip
, humm, I dont know then..
If you want PM me your site info and I will go in and troubleshoot.
Frontpage or frontpage access, either way
and also the site URL , ConnectionString = "DBQ=C:\TradersReportsCom\aspprotect\data\database\ASPProtec t_access2002.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=Admin;Password=temp"
I have already set the folder permissions as indicated in the documentation. , at this point I would say install a fresh untouched copy in the web in a different directory and lets see if it acts weird from scratch.. the we can go from there.. I dont know what is going on , Hi,
I don't fully understand what you are explaining ... the part about showing a user but not working???? but if you PM me the details I will glady go into your live webserver and see if I can get it working. , I really need more information..
SQL or Access database ?
If Access are you using the newest version of the .mdb file
Is this a new item ?
Show me your connection string ?
perhaps the url to the site as well so I can look around?
things like that that will help me troubleshoot.
If any info is sensative send me a PM..
, Humm, I can see all those pages loading just fine at both domains so you got me pretty confused at this point as you just said they didnt load.
regardless, the data connection tests are failing with both of them.
so let me ask you again how are you setting permissions on the database folders? , Chris,
Another question on V7. I set up all the paths as required for the extras like user pics and exports on my site. They were working fine. I created an export, then as you recommend, deleted the file on the site to ensure it doesn't get in the wrong hands. I did this a few times to test it after a number of people logged in.
About 2 days later, I went to do it again and the system came back with an error saying the directory didn't exist. I know it did because I created it and it worked fine. I then created the directory again thinking I was losing it.
Then today, I went to do another export and the directory is gone again! Can you help me understand why this might be happening? I am the only one with FTP access to the site so there is no way that it could be someone else doing it. The error I get is:
Microsoft VBScript runtime error '800a004c'
Path not found
/password_admin/export.asp, line 78
Thanks,
Dave , Banners no longer show up on my site ?
If banners were working fine and now they are just not showing up.
1st check to see that you are calling a valid zone with live banners in it.
If you are then most likely this it what hapened.
The web server must have crashed or lost power and now the application variables are in limbo/not working.
I have seen this happen a few times.
Basically the application variable system gets messed up because it was not shut down properly.
The way to cure it is as follows.
Edit and save a banner in the system. Hopefully that gets things going again.
If this happens a lot it is a server issue, not ASPBanner's fault. cwilliams38415.0978935185, Christopher
Found this but I dont really know what to do with it or even if its the right thing.
<%
'=========================================================== ==================='
' Application: Utiity Function
' Author: ; John Gardner
' Date: & nbsp; 20th December 2004
' Description: Used to check the validity of a postcode
' QueryString: None
' Version: V1.0
' Required routines: &nb sp; None
'----------------------------------------------------------- -------------------'
function Check_Postcode (byRef strPostcode)
' This routine checks the value of the form element specified by the parameter
' for a valid postcode.
' The definition of a valid postcode has been taken from:
' http:'www.royalmail.com/docContent/other/Downloadable_Files/ PAF_Digest_Issue_5_0.pdf
' If the element is a valid postcode, the function value is returned as TRUE
' and the postcode is returned in uppercase with the separating space in the
' right place.
Dim strPostcodeRegExp(2) ' holds the regular expressions for valid postcodes
Dim intCount &nbs p; ' For loop counter
Dim strPostcodeCopy ' Copy of postcode
' Variables used to hold regular expression object
Dim objRegExp, objMatches, objMatch
' Expression for postcodes: AN NAA, ANN NAA, AAN NAA, and AANN NAA
strPostcodeRegExp(0) = "^([a-z]{1,2}[0-9]{1,2})([0-9]{1}[abdefghjlnpqrstuwxyz]{2})$"
' Expression for postcodes: ANA NAA, and AANA NAA
strPostcodeRegExp(1) = "^([a-z]{1,2}[0-9]{1}[a-z]{1})([0-9]{1}[abdefghjlnpqrstuwxyz]{2})$"
' Exception for the special postcode GIR 0AA
strPostcodeRegExp(2) = "^(gir)(0aa)$"
' Copy the parameter and convert into lowercase
strPostcodeCopy = Lcase(strPostCode)
' Assume we're not going to find a valid postcode
Check_Postcode = false
' Strip out spaces
strPostcodeCopy = Replace (strPostcodeCopy, " ", "")
Check_Postcode = False
Set objRegExp = New RegExp
' Check the string against valid types of post codes
For intCount = 0 to Ubound(strPostCodeRegExp)
' Check next pattern in list
objRegExp.Pattern = strPostcodeRegExp(intCount)
If objRegExp.Test (strPostcodeCopy) Then
' Post code found. Ensure input parameter is in correct format.
Set objMatches = objRegExp.Execute (strPostcodeCopy)
Set objMatch = objMatches(0)
strPostcodeCopy = Ucase (objMatch.subMatches (0)) & " " & Ucase (objMatch.subMatches (1))
' Show that we have found the postcode
Check_Postcode = True
End if
Next
' Ensure that the uppercase postcode gets returned if valid
If Check_Postcode Then strPostcode = strPostcodeCopy
End Function
%>
regards
John
, how di I change the currency dollar sign to gdp pound sign ?
I need all my tranactions in gdp puund sterling to use on paypal
regards
simon , I am testing this now and there is something wrong.
PayPal is hitting the ipn.asp but the database is not being updated.
I will figure it out shortly though and post the anwer here. , I have one file called asplistings.sql but I have license for ASPListings_auto and ASPListings_real_estate. I really want to use the SQL server for both. Please advise how?
Thank you.
Lance , A correctly configured Microsoft SQL Database is critical to the correct operation of the ASPBanner system.
Table & Field settings must be exactly the way we set them in the database creation scripts provided with the ASPBanner system.
Below are screenshots of the design view settings for all the tables used in the ASPBanner system in case you want to double check them
In addition to the settings above each table has one field that is a primary key with an auto increment of one
In the screenshots above each of those fields has a yellow key next to it.
If the field does not have yellow primary key icon on you just right click and the option to make it one appears.
The SQL column settings for each one of the primary key fields must be set as follows
In addition to these settings the SQL scripts provided with the system auto populate the Banner_Users table with two users. This is very important because without the Admin user the scripts add you wont be able to log in to the ASPBanner system as an admin.
cwilliams38325.7405092593, Is there a way to know if it is a SQL server with IIS5? My database type is MSACCESS.
Thanks!
Rhona (rookie) , Yup everything looks ok - but why no error?
This just gets better - now the email a friend link says sent successfully and doesn't send out - what the heck...
What would cause it to 'think' it is doing the task yet still fail? ,
Access to some sections of the forums must be requested.
Please Click on the following link and read all of it carefully.
http://support.cjwsoft.com/
cwilliams38291.6121296296, ok, that is done and seems to be working..
I edited the RC4 function in the "config_inc.asp" file like I mentioned
so the function now looks like this which just acts as a passthrough and really does nothing
Function RC4(ByRef pStrMessage, ByRef pCookieEncryptionKey)
RC4 = pStrMessage
End Function
so it is all set, go try things out and lets see if anything else weird comes up
Username "admin"
Password "abcdefghij" , thanks.. it was not taken as a complaint.
I just wanted to explain
When you said you tried using the web version of sql manager. Did you use the microsoft one I link to here "just curious"
http://support.cjwsoft.com/code/moreinfo127-1.htm
,
Timecard Entry: 3/25/2006 1:45:26 PM
Cape Chamber - changes / additions to listings, DNS migration work for ns1.gisco.net, Took tech calls, checked DUI, AUAQ, RAD, Voice Mail, and called users back. Was kinda slow tonight. , work with ed on frame router imcnet issues got rerouted around, Billing w/ Carol and Michele. Helping Vermont Internet with some inssues. Working w/ DSL group on updates. Worked on list of numbers to disconnect and for Beth to test. Lots over stuff, meeting too. Extra hour for you know what., Answer e-mails. Talk to Doug Dietterich (new channel partner, and John Tocornal (wiley school), setting up fiber optic connections between two buildings and tech room (testing fiber), BRYNSREALTY, SCANNED AND ADDED PICTURES AND REAL ESTATE INFO 4 LISTINGS AS WELL AS SOME DELETIONS, cphospital.org - starting new staff admin to support categories., conversation with Tim Badour about status of things and upcoming mgt conference, E-Mail, Answered tech related questions., Emails, Tasks, Phone, Andy MBO 1/2 Hr., timecards for the week., reviewed voice mail; printed, reviewed and mailed invoices; mailed software; cancellations for nonpayment; updated cancel and referral logs; answered phone, email, NOC duties, network rewired over weekend, helped troubleshoot problem connections, Answering voice mails to Froggy97, Remington, and LaFargeville School (dating system seems to be off)., Checking on network. Resetting a couple of hung modems in Clayton., Authenicator went down again
for about 30 mins. (ns1), expedia.com to book flights for ispcon, left a message for motel reservations, talk to Steve about weird nnymls.com listing (Dave V gave their password to the prospective buyer in Georgia and it looks like the Georgia guy edited some nnymls.com listings). Also talked about setting up realtor.com contracts for our 3 most recent MLS customers., Lunch, Prepare for Board Meeting, DMS-500 Work Order Time, Nortel, lunch, work with Ed and Bell Atlantic with the Iprs service in vermont, Atm up and stable ( ba needs to be set to net timing, when set to internal doesnt work ** they got a bad card imo... ) got l2f tunnels working to our cisco, got the l2f tunnels auth to radius and patching down. got ips from logical net and tested by dialing in and surfing.. seems to be working ok..., Work with Kim Cilley on adding O-Burg subscribers,
| 
